
server security..

 
Justin Fox
Ranch Hand
Posts: 802
OK, I have a chat client that people in general are going to use to chat to reps at my workplace. Then I have reps that log in to the server similarly, but have admin privileges.

But I don't want to just send '#Admin' before their login; that would leave holes.

How do I determine if a certain socket.getInetAddress() is on the server's network or not? That would be a better way of checking for admin privileges.

The reason I have security concerns is we have a database with pretty important info, like 'credit card numbers, the card holder's address, name, etc.'

If I could get some help on this, or a better way of ensuring server-side security, please help.

Thanks a lot,

Justin Fox
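The subnet test asked about in the post above, as an added example that is not part of the original thread: it compares the address returned by socket.getInetAddress() with the subnets of the server's own interfaces. A peer address says where a connection came from, not who is logged in, so the check is shown as a coarse filter in front of a real login. The class name, method names and sample addresses are constructed for illustration.

```java
import java.net.InetAddress;
import java.net.InterfaceAddress;
import java.net.NetworkInterface;
import java.net.SocketException;
import java.util.Collections;

public class LocalSubnetCheck {

    /** True if addr and network agree on their first prefixLen bits. */
    static boolean inSubnet(InetAddress addr, InetAddress network, int prefixLen) {
        byte[] a = addr.getAddress();
        byte[] n = network.getAddress();
        // Fail closed on an IPv4/IPv6 mismatch or an unusable prefix length.
        if (a.length != n.length || prefixLen <= 0 || prefixLen > a.length * 8) {
            return false;
        }
        int fullBytes = prefixLen / 8;
        for (int i = 0; i < fullBytes; i++) {
            if (a[i] != n[i]) return false;
        }
        int restBits = prefixLen % 8;
        if (restBits == 0) return true;
        int mask = (0xFF << (8 - restBits)) & 0xFF; // high restBits bits set
        return (a[fullBytes] & mask) == (n[fullBytes] & mask);
    }

    /** True if peer lies in the subnet of any non-loopback interface that is up. */
    static boolean onServerNetwork(InetAddress peer) throws SocketException {
        for (NetworkInterface nic : Collections.list(NetworkInterface.getNetworkInterfaces())) {
            if (!nic.isUp() || nic.isLoopback()) continue;
            for (InterfaceAddress ia : nic.getInterfaceAddresses()) {
                if (inSubnet(peer, ia.getAddress(), ia.getNetworkPrefixLength())) return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        InetAddress net = InetAddress.getByName("192.168.10.0"); // constructed sample subnet
        System.out.println(inSubnet(InetAddress.getByName("192.168.10.77"), net, 24));
        System.out.println(inSubnet(InetAddress.getByName("192.168.11.5"), net, 24));
        // On the server this would be onServerNetwork(socket.getInetAddress()).
        System.out.println(onServerNetwork(InetAddress.getByName("203.0.113.9")));
    }
}
```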
 
Ryan Muster
Greenhorn
Posts: 18
Hi There...

Yuk! I just don't like it... credit cards, oh boy

I think you are going to get yourself into more and more trouble.

What I suggest you do is try to get your client working against a servlet container.
It does mean you have to learn a little about POSTs, but it's going to be so much easier.

Then move up a protocol layer (on the client), at least to something like
HttpURLConnection, or maybe the Apache HTTPClient.

You see, at that level things like BASIC and DIGEST password control are possible without a lifetime of work, and then ultimately, if you don't want to start writing encryption yourself, you can move to SSL, and I think that's where this is going.

You are at the very bottom of the protocol scale... if you move up, it's all there.

Good luck...

Oh... one other radical way is to use a POJO Application Server; it puts applications on the web, but you will see even they are based on servlet technology.
 
Justin Fox
Ranch Hand
Posts: 802
OK, when you say 'servlet', what does that pertain to? I've heard the terminology, but don't really know what it means, much less know what it is.

If you could kinda sum it up for me, that would be great.

Thanks,

Justin Fox
 
Stan James
(instanceof Sidekick)
Ranch Hand
Posts: 8791
A bare-bones HTTP server accepts HTTP requests like "GET home.html", finds a file that matches the request and returns it. A servlet container goes a huge step further to invoke a Java class to handle the request. The Java class can do and return pretty much anything you can imagine in Java. By getting a tiny bit fancy, we can "hide" the fact that we're using Java entirely, so users might still see "home.html" on the address bar of their browser.

You write a class that extends Servlet and register it with the container. When the container matches a request to your servlet, the container calls your doGet() or doPost() methods. Try the Sun Servlet Tutorial for a start, and visit the servlet forum on the ranch for more.

Now, do you need servlets? Hard to say right now. Do you have a pure socket protocol so far?
 
Justin Fox
Ranch Hand
Posts: 802
I wouldn't say I have any protocol at all, besides TCP/IP.

Right now all I have is the basic ServerSocket and Socket structured type of app.

How would I set a protocol?

And thanks for the info on servlets.

Justin Fox
 